There is a little aphorism that’s grown on me over time. It’s a simple mantra, which hopefully you can agree with:
If you don’t know Group Policy, you don’t know security.
That’s because Group Policy and security are so intrinsically linked. The weird part is that the Group Policy engine itself isn’t a security mechanism. The Group Policy engine is a settings delivery mechanism. What you’re delivering, the payload of “instructions,” could be security oriented.
But if you don’t understand the range of what you can do with Group Policy—either the engine itself or the security payloads it can deliver—then, as my aphorism goes, “You don’t know security.”
Not only are you setting configuration items ...